Hi Steve, I will try to
On Mon, 2005-05-02 at 07:32 -0500, Steve Greenland wrote: > On 02-May-05, 03:00 (CDT), Thomas Viehmann <[EMAIL PROTECTED]> wrote: > > Steve Greenland wrote: > > > Thomas, I think there's more here than a simple LARTing can fix. > > OK, sorry. I remain unconvinced that there is a bug here, let alone an > > RC bug, but at least it seems to be more confusing to people than I > > would have thought. > > Yes, it is. > > You were right, I hadn't selected "Projects" on the user admin screen, > only on the group screen, *and* for my *user* on the group admin screen. > > Of course, I didn't have the "Prefences" modules selected either, and > yet I could access that. That because it has already been assigned to the group. > > Do you see the confusion? There are apparently two completely different > overlapping ACL systems. Some of those ACLs are meaningless for some > modules (calendar and addressbook), but not others. (I say meaningless, > because according to the 'user groups' ACLs, I don't have any access to > those two apps, yet they work fine.) Actually they aren't meaningless. php*Group*Ware uses groups for the initial ACLs. I am happy to admit that our documentation is a little lacking in parts, but the ACLs system works well and it pretty straight forward once you understand it. > > > > Well, to be perfectly honest, I understand your point, but I disagree > > here. The admin user in phpGroupWare does not have implied priviledges > > and while it's a debatable design decision, it's a prefectly sound > > principle that you should have to grant permissions to all but the most > > basic apps - especially the ones that need to be set up by the admin - > > before users can see and use them. If I'm not mistaken, most of the > > apps behave like this, not only -projects. > > That may be, but what I saw was that two of the three I had installed > worked, one didn't. It would be better to have access to nothing than to > an apparently random sample. > > You might consider changing the default so that the original admin user > *does* have access to all the apps. Presumably a module is installed > so that it can be used, and there's no point in making the admin fumble > around. If the admin can see something and the other users can not, it > very clearly a permission issue, and even I might have stumbled accross > the magic combination. >From an upstream perspective this is not as easy as it sounds. We have a set of core apps, addressbook, calendar, email, filemanager, notes setup, todo and the API. These are the apps which are available by default. Years ago most linux distros used to install and enable a lot of services by default, now they don't. I think it is similar for phpgw, we enable the core and you are free to add the rest in. If Thomas wants to change this behaviour he is free to edit the <app>/setup/default_records.inc.php files :) Confusing for sysadmins? maybe. Do the docs need work? Most definitely. > > > My apologies for asking this, but systematic analysis wants this > > question first. > > No need to apologize, that fixed it. > > > I'll refrain from providing a screenshot if that's any > > consolation. > > When discussiong UI, screenshots are *good*. That way we know what the > other is seeing. > > > P.S.: In my opinion, this bug should be reseveritied "minor" if it's a > > documentation issue or "important" if indeed a malfunction, because it > > doesn't seem to affect all users. > > Minor. Obviously, if I'm the only one who couldn't figure this out, it's > my problem. But a two sentence note in the README.Debian would have > avoided this whole conversation. > > Thanks for putting up with my fumbling. > > Steve -- Dave Hall (aka skwashd) API Coordinator phpGroupWare ------------------------------------------------------------------------- Do you think if Bill Gates got laid in high school, do you think there'd be a Microsoft? Of course not. Underwear Goes Inside The Pants by Lazy Boy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
